EHR_ACCESS references an abstract type of ACCESS_CONTROL_SETTINGS but this is not specified. A subtype would also be beneficial along with an XML Schema.
There is a larger design discussion here on proper design of privacy for openEHR. I am talking to Ross Anderson (Cambridge) about this right now.
I think we should treat this PR as a pragamatic need for something concrete to use right now in current systems, and leave the larger problem for a different PR.
I have something I have implemented as a starting proposal.
Heath, do you have a proposal on this?